Anubis is an automated collection framework for extracting data from binary files. It supports various collection methods, including regex searching, symbol extraction, class dumping, and IDA-based analysis.
- Regex-Based File Search – Locate patterns in files using `ripgrep`.
- Class Dump Extraction – Extract Objective-C class information from Mach-O binaries.
- Protocol Selector Extraction – Extract the Objective-C selectors of a given protocol.
- Plist Conversion – Convert property list (`plist`) files to structured `YAML` format.
- Section Extraction – Retrieve specific sections from Mach-O binaries.
- Symbol Extraction – Extract function symbols from binaries using `nm`.
- Strings Extraction – Extract and filter strings from binaries using regex patterns.
- Register Tracking (Experimental) – Analyze register values within functions using IDA Pro.
- Binary Export (Not supported on IDA 9+) – Extract and export binary analysis results from IDA Pro.

```bash
brew install yq ripgrep libmagic
python3 -m pip install anubis-ipsw
```

To use the IDA-based collectors, anubis must be installed on the same Python interpreter as IDA.
You can select the correct interpreter using the idapyswitch utility.
To collect data based on a rule file:

```bash
anubis collect /path/to/input /path/to/output /path/to/rules.yaml
```

Run specific collectors:

```bash
anubis collect /input /output /rules.yaml -c rg -c binexport
```

Exclude specific collectors:

```bash
anubis collect /input /output /rules.yaml -b strings -b section
```

Pull requests and issues are welcome!